No 'Access-Control-Allow-Origin' header is present on the requested resource

In Postman this Post request runs just perfect:
var settings = {
“url”: “https://webservicesp.anaf.ro/AsynchWebService/api/v5/ws/tva”,
“method”: “POST”,
“timeout”: 0,
“headers”: {
“Content-Type”: “application/json”
},
“data”: JSON.stringify([{“cui”:2864518,“data”:“2021-03-29”}]),
};

$.ajax(settings).done(function (response) {
console.log(response);
});

But when I try to run it from from our WordPress web-store, from a .js file when leaving a field:
$(’#billing_cui’).blur(
function(){…

I get:
Access to XMLHttpRequest at ‘https://webservicesp.anaf.ro/AsynchWebService/api/v5/ws/tva’ from origin ‘https://…’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
webservicesp.anaf.ro/AsynchWebService/api/v5/ws/tva:1 Failed to load resource: net::ERR_FAILED

Hi @Valdinia, Welcome to Community!

It seems the endpoint which you are trying to use has CORS policy enabled. You need to pass headers like the one mentioned “Access-Control-Allow-Origin” in your error message.

Generally postman includes these headers by default. To verify this you can check for hidden or auto populated headers under header tab in postman else you can also find in postman console what all headers were sent in the request payload.

If policy is there you may need to pass extra headers to align with CORS policy in your JS script from wordpress.

Hope this helps :slightly_smiling_face:

Thank you for your answer!

Have you found a solution yet? i`m struggling with the same exact problem…

The error you get is due to the CORS standard, which sets some restrictions on how JavaScript can perform ajax requests.

The CORS standard is a client-side standard, implemented in the browser. So it is the browser which prevent the call from completing and generates the error message - not the server.

Postman does not implement the CORS restrictions, which is why you don’t see the same error when making the same call from Postman.

Why doesn’t Postman implement CORS? CORS defines the restrictions relative to the origin (URL domain) of the page which initiates the request. But in Postman the requests doesn’t originate from a page with an URL so CORS does not apply.

1 Like